mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add AES-OFB to FIPSv5 build as v5-RC10 (5,2)

Browse Source
This commit is contained in:
John Safranek 2021-11-04 11:58:28 -07:00
parent ab74bbcfee
commit 0d465cf42f
No known key found for this signature in database
GPG Key ID: 8CE817DE0D3CCB4A
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
configure.ac
View File

@ -248,6 +248,12 @@ AS_CASE([$ENABLED_FIPS],
HAVE_FIPS_VERSION=2
ENABLED_FIPS="yes"
],
[v5-RC10],[
FIPS_VERSION="v5-RC10"
HAVE_FIPS_VERSION=5
HAVE_FIPS_VERSION_MINOR=2
ENABLED_FIPS="yes"
],
[v5|v5-RC9|v5-REL],[
FIPS_VERSION="v5-RC9"
HAVE_FIPS_VERSION=5
@ -3444,6 +3450,11 @@ AS_CASE([$FIPS_VERSION],
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192"
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
if test $HAVE_FIPS_VERSION_MINOR -ge 2; then
if test "x$ENABLED_AESOFB" = "xno"; then
ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"
fi
fi
],
["v3"],[ # FIPS 140-2 Ready
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q -DWOLFSSL_ECDSA_SET_K"

2
wolfssl/wolfcrypt/types.h
View File

@ -1271,7 +1271,7 @@ decouple library dependencies with standard string, memory and so on.
#endif
#if FIPS_VERSION_EQ(5,1)
#if FIPS_VERSION_GE(5,1)
#define WC_SPKRE_F(x,y) wolfCrypt_SetPrivateKeyReadEnable_fips((x),(y))
#define PRIVATE_KEY_LOCK() WC_SPKRE_F(0,WC_KEYTYPE_ALL)
#define PRIVATE_KEY_UNLOCK() WC_SPKRE_F(1,WC_KEYTYPE_ALL)